The structure of an Ethernet frame is as follows:
Here, the Ethernet frame header consists of:
destination MAC address, 48 bits (6 B); source MAC address, 48 bits (6 B); type field, 2 B; 14 B in total.
IP header:
TCP Header:
Http://blog.163.com/[email protected]/blog/static/618945432011101110497885/
Http://www.cnblogs.com/zhuzhu2016/p/5797534.html
That is, the headers of the packet total 54 bytes: 14 B of Ethernet header plus a 20 B IP header and a 20 B TCP header when neither carries options. Below, a simple HTTP request is captured to show what an actual Ethernet frame looks like:
The 54 bytes of header content are as follows:
The application data is the payload of the TCP segment; its length is the value Wireshark shows as TCP Segment Len.
For a TCP stream, right-click a packet entry in Wireshark and follow the stream; Wireshark automatically strips the header information, as follows:
This shows only the payload data of the packets, as follows:
For text-based streams such as HTTP, this makes analysis much simpler.
Using Wireshark to analyze the message headers of TCP/IP messages